THE UNIVERSITY OF DODOMA
College of Informatics and Virtual Education
PROGRAM: B.Sc. Computer and Information Security
ASSIGNMENT NO. 1
COURSE NAME: Information Security Technologies
COURSE CODE: CS 220
COURSE INSTRUCTOR: Adolf Kamuzora
Question: Write notes on generations of firewalls.

S/n  Name                 Registration No.     Program
1    MAKAME, MAKAME H     T/UDOM/2010/00410    B.Sc. CIS
2    TWALIB, MOHAMED A    T/UDOM/2010/00441    B.Sc. CIS
3    SEMKIWA, HARUNA      T/UDOM/2010/00437    B.Sc. CIS
4    MBEYELA, JOAN        T/UDOM/2010/00415    B.Sc. CIS
5    MWOMBEKI, JUDITH     T/UDOM/2010/00428    B.Sc. CIS
6    MAKOGA, BARAKA A     T/UDOM/2010/00411    B.Sc. CIS
7    EDWARD, YUSTO        T/UDOM/2010/00392    B.Sc. CIS
8    MICHAEL, DANIEL E    T/UDOM/2010/00417    B.Sc. CIS
9    MOSHA, BAZILI K      T/UDOM/2010/00422    B.Sc. CIS
10   NKANDI, SAMSON       T/UDOM/2010/00431    B.Sc. CIS

Tuesday, November 22, 2011
A firewall is software, hardware or a combination of both that restricts unauthorized access into a trusted network. It is set up to control the flow of traffic between two networks according to configured actions such as Allow, Deny, Block or Encrypt. Its main function is to provide a single point of defense between two networks: normally it is employed to prevent illegal access to personal computers or corporate networks from untrusted external networks such as the Internet. There are five generations of firewalls, which are stated and explained below.
First generation - Packet filtering firewalls.
History: it was developed around the late 1980s by Jeff Mogul of Digital Equipment Corporation.
Mode of function: it works at layer three of the OSI model, the Network layer, and also reads the transport-layer port numbers. It inspects each incoming and outgoing packet on its own and compares its header fields with a predetermined set of rules. A packet that matches the rules is forwarded from one network to the other; a packet that does not match them is dropped. The decision is based on the source and destination IP addresses, the direction of the packet, the transport protocol (Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)) and the source and destination port numbers.
Advantages
It can be used to block incoming/outgoing packets from certain IP address ranges. It can be configured to restrict the ports through which data may enter or leave the network, preventing attackers from using unused port numbers to gain access to the Local Area Network (LAN). It is very fast, simple and transparent to users.
Weakness
It is exposed to attacks such as IP address spoofing, source routing attacks and tiny fragment attacks. It offers no authentication of users. It does not support sophisticated rule-based models, because each packet is judged on its own without regard to the connection it belongs to.
Second Generation - Application Firewall.
History: it was developed during the 1989-1990 timeframe by Dave Presotto and Howard Trickey of AT&T Bell Laboratories.
Mode of function: it works at the Application layer of the OSI model and is also known as a proxy server. It runs service-specific proxy software for each protocol it handles. For example, when a user requests a web page by entering the URL of the page, the request is sent to the proxy server rather than to the web server on which the page resides. The proxy server passes the request on to the web server, giving its own IP address as the address to which the response should be sent. Once the server has responded, the proxy server passes the response back to the client.
Advantages
It preserves the anonymity of client computers on the local network, since external web servers only ever see the proxy server's global IP address. It can be configured as a web filter to block access to undesirable content, or to deny access to a specific IP address or IP address range. It can be fast, because it serves local copies of recently accessed web documents from its cache for a predetermined length of time. It sits in an intermediate area between the trusted network and the untrusted network, commonly a Demilitarized Zone (DMZ). It is easy to log and audit all incoming traffic, because every request is reassembled at the application layer before it is passed on.
Weakness
It requires additional processing overhead for each connection and degrades traffic performance. Some proxies support only a limited number of applications. It breaks the client/server model, which is good for security but sometimes bad for functionality.
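The following Python program is an added example, not part of the original notes, showing what the proxy described above can do that a packet filter cannot: it reads the full HTTP request line, blocks hosts and paths by policy, answers repeated requests from a time-limited cache, logs every request for audit, and contacts the web server from its own address so the client stays hidden. The origin web server is simulated by a Python callable (FakeOrigin), and the addresses, blocklist and requests are constructed for the example.

```python
"""Application-layer (proxy) firewall, added illustration (not from the notes).

The proxy terminates the client's connection and opens its own to the server,
so it can read and filter the whole request, log it, answer from a cache and
hide the client's address. Everything here is constructed: FakeOrigin stands
in for the remote web server, and the addresses, blocklist and requests are
made up. The clock is injected so that cache expiry can be demonstrated.
"""
import time
from urllib.parse import urlsplit

PROXY_ADDR = "203.0.113.2"                      # the only address the outside ever sees
BLOCKED_HOSTS = {"ads.example", "malware.example"}
BLOCKED_PATH_WORDS = ("/cgi-bin/",)             # paths the policy forbids


class FakeOrigin:
    """Stands in for the remote web server; records who it thinks connected."""

    def __init__(self):
        self.connections = []

    def __call__(self, seen_from: str, host: str, path: str) -> str:
        self.connections.append(seen_from)
        return f"{host}{path} served to {seen_from}"


class ProxyFirewall:
    def __init__(self, origin, ttl: float = 60.0, clock=time.monotonic):
        self.origin = origin        # callable(proxy_addr, host, path) -> body
        self.ttl = ttl              # seconds a cached page stays valid
        self.clock = clock
        self.cache = {}             # url -> (expires_at, body)
        self.audit_log = []         # (client, url, status, served_from_cache)

    def handle(self, client_addr: str, request_line: str):
        """Process one 'METHOD absolute-URL HTTP/x.y' request from an internal client."""
        try:
            method, url, _version = request_line.split()
        except ValueError:
            return self._log(client_addr, request_line, 400, "bad request line")
        parts = urlsplit(url)
        host, path = parts.hostname, parts.path or "/"
        if method != "GET" or parts.scheme != "http" or not host:
            return self._log(client_addr, url, 405, "only plain HTTP GET is proxied")
        # Application-layer filtering: a packet filter sees neither host names nor paths.
        if host in BLOCKED_HOSTS or any(w in path for w in BLOCKED_PATH_WORDS):
            return self._log(client_addr, url, 403, "blocked by policy")
        now = self.clock()
        hit = self.cache.get(url)
        if hit and hit[0] > now:
            return self._log(client_addr, url, 200, hit[1], cached=True)
        # Fetch on the client's behalf; the server only ever sees the proxy's address.
        body = self.origin(PROXY_ADDR, host, path)
        self.cache[url] = (now + self.ttl, body)
        return self._log(client_addr, url, 200, body)

    def _log(self, client, url, status, body, cached=False):
        self.audit_log.append((client, url, status, cached))
        return status, body


def demo():
    """Run a constructed sequence of requests through the proxy."""
    clock = [0.0]
    origin = FakeOrigin()
    fw = ProxyFirewall(origin, ttl=60.0, clock=lambda: clock[0])
    results = [
        fw.handle("10.0.0.5", "GET http://www.example/index.html HTTP/1.1"),     # fetched
        fw.handle("10.0.0.6", "GET http://www.example/index.html HTTP/1.1"),     # cache hit
        fw.handle("10.0.0.5", "GET http://ads.example/banner.js HTTP/1.1"),      # blocked host
        fw.handle("10.0.0.5", "GET http://www.example/cgi-bin/test HTTP/1.1"),   # blocked path
        fw.handle("10.0.0.5", "POST http://www.example/form HTTP/1.1"),          # not proxied
    ]
    clock[0] = 61.0                                                             # cache entry expired
    results.append(fw.handle("10.0.0.7", "GET http://www.example/index.html HTTP/1.1"))
    return fw, origin, results


if __name__ == "__main__":
    fw, origin, results = demo()
    for entry in fw.audit_log:
        print(entry)
    print("addresses the origin server saw:", origin.connections)
```

The audit log records six requests from three different internal clients, yet the origin server records only two connections, both from 203.0.113.2: the second request was served from the cache and the last one was fetched again only because the cached copy had expired. The two blocked requests and the rejected POST never reach the server at all, which is the "single point of defense" at work at the application layer.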
Third Generation - Stateful Inspection Firewalls.
History: it was developed during the late 1980s and early 1990s by several researchers in the United States.
Mode of function: it works at the Network and Transport layers of the OSI model. It keeps track of each network connection established between internal and external systems in a state table. It works like a packet filter but goes a step further: rather than filtering packets on addresses and ports alone, it allows an incoming packet only when it is the response to a request that an internal host made earlier, and denies unsolicited incoming packets. If an incoming packet does not match any entry in the state table, the firewall falls back to its access control lists to determine whether to let the packet pass.
Advantage
It can track connectionless traffic such as UDP by recording each request/response exchange as a pseudo-connection in the state table.
Weakness
Each new connection consumes an entry in the state table, and every packet must be compared against the table. When the firewall receives a large number of packets or connection attempts, the table fills up and the comparisons slow the firewall down, so a Denial of Service attack against the firewall itself becomes possible.
Fourth Generation- Dynamic Packet Filtering Firewall.
History: it was developed around 1992 by Bob Braden and Annette DeSchon at USC's Information Sciences Institute.
Mode of function: it works at the Network and Transport layers of the OSI model. It monitors the state of active connections and uses this information to determine which packets to allow through the firewall, by recording session information such as IP addresses and port numbers. It filters packets based not only on the information in the current packet but also on the previous packets that have been sent.
Advantages
It provides a better level of security, since it takes a closer look at the contents of the packet and also considers previous connection states. It provides additional capabilities, including inspection of packet contents up to the application layer.
Weakness
Network performance is degraded when complex access control lists are set up to filter the packets.
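To make the difference between the first generation and the third and fourth generations concrete, here is an added Python example (not from the original notes) that runs a stateless packet filter and a stateful filter over the same constructed packet trace. The stateless filter has to leave the whole ephemeral port range open so that replies can reach internal clients, which also lets unsolicited probes through; the stateful filter records each allowed connection in a state table, admits only the matching replies (UDP replies included, tracked as pseudo-connections), and falls back to its static access list for anything else. The state table is given a capacity so that the exhaustion weakness noted under the third generation can be shown as well. Addresses, ports and rules are all made up.

```python
"""Stateless packet filtering vs stateful inspection (added illustration).

Both filters run over one constructed packet trace so the difference is
visible: the stateless filter judges each packet from its header fields
alone, while the stateful filter remembers the connections it has allowed,
admits replies to them, and consults its static access list only for packets
it has no state for. Addresses, ports and rules are made up for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


def inside(ip: str) -> bool:
    """Constructed convention: 10.0.0.0/8 is the protected network."""
    return ip.startswith("10.")


# Rule = (inbound?, protocol, lowest dst port, highest dst port, action).
# First match wins; a packet matching no rule is denied.
STATIC_RULES = [
    (False, "tcp", 80, 80, "allow"),     # inside hosts may browse the web
    (False, "tcp", 443, 443, "allow"),
    (False, "udp", 53, 53, "allow"),     # inside hosts may resolve names
    (True, "tcp", 80, 80, "allow"),      # public web server 10.0.0.80 behind the firewall
]

# A stateless filter cannot tell a reply from an unsolicited packet, so for
# replies to reach clients' ephemeral ports it must leave the whole range open.
STATELESS_RULES = STATIC_RULES + [(True, "any", 1024, 65535, "allow")]


def match(rules, pkt: Packet) -> str:
    """Evaluate a packet against an ordered rule list; default deny."""
    inbound = not inside(pkt.src)
    for rule_inbound, proto, lo, hi, action in rules:
        if rule_inbound == inbound and proto in (pkt.proto, "any") and lo <= pkt.dport <= hi:
            return action
    return "deny"


def stateless_filter(trace):
    """First generation: every packet is judged on its own."""
    return [match(STATELESS_RULES, p) for p in trace]


class StatefulFilter:
    """Third/fourth generation: decisions also depend on earlier packets."""

    def __init__(self, max_entries: int = 1000):
        self.table = set()            # 5-tuples of connections already allowed
        self.max_entries = max_entries

    def decide(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table or reverse in self.table:
            return "allow"            # belongs to a tracked connection (reply or continuation)
        if match(STATIC_RULES, pkt) != "allow":
            return "deny"             # no state and not permitted by the access list
        if len(self.table) >= self.max_entries:
            return "deny"             # state table exhausted: the DoS weakness
        self.table.add(key)           # UDP exchanges get a pseudo-connection entry too
        return "allow"


def stateful_filter(trace, max_entries: int = 1000):
    fw = StatefulFilter(max_entries)
    return [fw.decide(p) for p in trace]


def state_exhaustion(max_entries: int = 3) -> str:
    """A flood of connections to the public web server fills a small state
    table; a legitimate outbound request arriving afterwards is refused."""
    fw = StatefulFilter(max_entries)
    for i in range(max_entries):
        fw.decide(Packet(f"198.51.100.{i + 1}", "10.0.0.80", "tcp", 50000 + i, 80))
    return fw.decide(Packet("10.0.0.5", "203.0.113.10", "tcp", 40002, 80))


# Constructed trace: a web request and its reply, a DNS lookup and its answer,
# then two unsolicited inbound packets aimed at ephemeral ports of the client.
TRACE = [
    Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80),
    Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000),
    Packet("10.0.0.5", "203.0.113.53", "udp", 53000, 53),
    Packet("203.0.113.53", "10.0.0.5", "udp", 53, 53000),
    Packet("198.51.100.7", "10.0.0.5", "tcp", 6000, 40001),
    Packet("198.51.100.7", "10.0.0.5", "udp", 6000, 1900),
]

if __name__ == "__main__":
    for p, a, b in zip(TRACE, stateless_filter(TRACE), stateful_filter(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {p.proto}  stateless={a}  stateful={b}")
    print("outbound request after state-table exhaustion:", state_exhaustion())
```

The stateless filter allows all six packets, including the two probes aimed at ports 40001 and 1900, because it has no way to know those were not replies. The stateful filter allows the four packets of the two legitimate exchanges and denies the two probes. The exhaustion function shows the other side of keeping state: once the table is full, even a request the access list would permit is refused, which is the Denial of Service condition noted for the third generation.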
Fifth Generation - Kernel Proxy Firewall.
History: the idea was put forward in 1996 by Scott Wiegel, Chief Scientist at Global Internet Software Group, and it came into practice in 1997.
Mode of function: it inspects traffic up to the Application layer of the OSI model, but evaluates packets at multiple layers of the protocol stack as data passes up and down the stack. When a packet arrives, a new virtual network stack is created for it inside the kernel; only the protocol components that the packet requires are loaded, every layer is evaluated carefully, and if anything is found to be unsafe the packet is discarded.
Advantage
It is faster than an application proxy because the processing is done in the kernel rather than in user-space proxy programs, with one dedicated network stack created per packet.